08-08-2014 01:40 AM - edited 03-10-2019 09:55 PM
Hi All ,
We are implementing wired dot1x for our wired users with EAP-TLS. When I am connecting laptop it is getting authenticated and it is working fine. For Voip(Avaya) we are using MAB .When we connect VOIP , after 30 seconds ACS is giving Access-accept(auth success) . But Voip is stuck up in Bad router state and VOIP is not working. If I connect the laptop behind the voip it is getting authenticated and it is working fine eventhough voip is stuck up.
Is there a way we can reduce 802.1x auth timings , so that VOIP can register succesfully?
The switch interface config is ,
authentication event fail action next-method
authentication host-mode multi-auth
authentication order dot1x mab
authetication priority dot1x mab
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 10
Thanks,
Vijay
08-15-2014 04:07 AM
Hi,
i am using AVAYA as well in production. They support 802.1X.
Configure Voice VLAN on each Port.
Let ACS send the radius attribute device-traffic-class=voice under
Policy Elements/Authorization and Permissions/Network Access/Authorization Profiles VOICE VLAN
and select Permission to join static.
A good guide: IP Telephony for 802.1X Design Guide
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html
Regards Horst
08-19-2014 06:52 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide